On Wed, Dec 11, 2002 at 07:54:39AM -0800, Craig Dickson wrote:
| Josh Rehman wrote:
|
| > It's interesting, the advisory claims that this can be exploited even
| > when remote admin is disabled. I tried to break my own router with their
| > advice, but it didn't work. (Maybe a kind soul has already cracked my
| > router and updated my firmware for me? :-)
| >
| > Presumably you can reset the password with this:
| > http://192.168.1.1/Gozila.cgi?setPasswd=hola&RemoteManagement=1&.xml=1
| >
| > (replace the ip with the ip of your router's local interface) but this
| > didn't do nuttin for me...
| >
| > That's good news.
| >
| > I think.
|
| If that worked from the LAN side, it would be bad but not catastrophic.
| If that worked from the WAN side, it would be catastrophic.
|
| Of course, even from the LAN side, if someone can get into your system
| through a forwarded port (say, cracking your web or mail server, or
| getting into a shell via ssh), then it trivially becomes remotely
| exploitable.

They don't even need to do that. All that is needed is for you to
view a maliciously crafted HTML page. If you don't have JavaScript
enabled then you would need to click on a link or submit a form as
well.

I just found out about the vulnerability yesterday. My router is
Debian on a 486, but I know some places that use Linksys devices.

-D

--
Microsoft DNS service terminates abnormally when it receives a response
to a dns query that was never made.
Fix information: run your DNS service on a different platform.
-- bugtraq
http://dman.ddts.net/~dman/
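
A server-side check that would refuse the browser-triggered request discussed in this thread, as an added example that is not part of the original messages or of any vendor firmware. The function name, the POST variant and the sample requests are assumptions; the parameter names come from the URL quoted above.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: parameter names come from the URL quoted in the thread; a real
# device would list every setting its CGI can change.
STATE_CHANGING_PARAMS = {"setPasswd", "RemoteManagement"}


def check_admin_request(method, target, headers):
    """Return (allowed, reason) for a request to the management CGI.

    Hypothetical helper for illustration, not the vendor's code.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    changes = STATE_CHANGING_PARAMS & set(query)

    # 1. Never change settings on GET: any page the admin views can make
    #    the browser issue a GET to the router's LAN address.
    if method.upper() == "GET" and changes:
        return False, "state change via GET: " + ",".join(sorted(changes))

    if method.upper() == "POST":
        # 2. The submitting page must have been served by the device itself.
        source = hdrs.get("origin") or hdrs.get("referer")
        if source is None:
            return False, "missing Origin/Referer"
        source_host = urlsplit(source).netloc.lower()
        if source_host != hdrs.get("host", "").lower():
            return False, "cross-site request from %r" % source_host
    return True, "ok"


# Constructed sample requests (method, request target, headers).
SAMPLES = [
    ("GET", "/Gozila.cgi?setPasswd=hola&RemoteManagement=1&.xml=1",
     {"Host": "192.168.1.1", "Referer": "http://example.org/page.html"}),
    ("POST", "/Gozila.cgi",
     {"Host": "192.168.1.1", "Origin": "http://example.org"}),
    ("POST", "/Gozila.cgi",
     {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}),
    ("GET", "/index.htm", {"Host": "192.168.1.1"}),
]

if __name__ == "__main__":
    for method, target, headers in SAMPLES:
        print(method, target, "->", check_admin_request(method, target, headers))
```

Header checks like these are one layer; authentication on every request and a per-session token in the settings form are still needed on top of them.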

